Age | Commit message (Collapse) | Author | Files | Lines |
|
Inspired by looking into
https://ask.wireshark.org/question/8009/wireshark-ring-buffer-settings-from-command-line/
... in which the user was confused because a duration set on the command
line was not reflected in the GUI. That's because
I0180c43843f5d2f0c2f50153c9ce42ac7fa5aeae added the `interval` ring-buffer
option and made the GUI use this rather than `duration`. This was not at all
clear in the GUI, though.
Since `duration` and `interval` have quite different use cases, expose both in
the GUI.
Try to clean up and unify the tooltips at the same time. I'm not entirely
convinced the tooltips need to be on the checkbox, the spinbox, and the
combobox but leave it that way for now.
Add some to the man page description of the interval option to hopefully make
it clearer what the option does.
Change-Id: I3b45fe71c33af64d980dffb5e5ba93e2a15a6b96
Reviewed-on: https://code.wireshark.org/review/32526
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Mention Npcap whereever we mention WinPcap.
Change-Id: I6ee295ca88302e2516d5658a5d528f9675209da8
Reviewed-on: https://code.wireshark.org/review/32352
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Update manuf, services enterprise numbers, translations, and other items.
Change-Id: I0e282baebc0cda0e54e49eff60827eec02f6f797
Reviewed-on: https://code.wireshark.org/review/31402
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
With the introduction of the ip command (from iproute2) on modern
Linux systems it becomes common to see this tool available,
gradually replacing tools like netstat and ifconfig.
Change-Id: I1fb309e741c07c93271b61a35c4833d36bcc5cb8
Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-on: https://code.wireshark.org/review/30924
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Update manuf, services enterprise numbers, translations, and other items.
Change-Id: Idfe3eaa6b9abd2337590a09972ce44266c2893ca
Reviewed-on: https://code.wireshark.org/review/30880
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Make sure the -i <pipe> documentation is consistent and correct.
Change-Id: I9019effb658f914ac754e4ae893eafbe7c4b4da1
Reviewed-on: https://code.wireshark.org/review/30675
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Add the ability to rotate files after a specified number of packets (`-b
packets:NUM`). Move some condition checks to capture_loop_write_packet_cb.
Add `-a packets:NUM` in order to be consistent. It is functionally
equivalent to the `-c` flag.
Add a corresponding "packets" option to the Capture Interfaces dialog
Output tab.
Add initial tests for autostop and ringbuffer conditions.
Change-Id: I66eb968927ed287deb8edb96db96d7c73526c257
Reviewed-on: https://code.wireshark.org/review/30534
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Move the condition logic from capture_stop_conditions.c to dumpcap.c.
Remove capture_stop_conditions.[ch] and conditions.[ch].
Switch duration values to doubles.
Change-Id: Ifa74fb13ec8fc923b0721597a6cf071d72069ea0
Reviewed-on: https://code.wireshark.org/review/30440
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
We've set "=encoding utf8" in wireshark.pod for a long time. Do so in
the rest of our .pod files.
Change-Id: I3ef0fb3a88ed63275b4ff4362b6afbf13d79a0bc
Reviewed-on: https://code.wireshark.org/review/29182
Reviewed-by: Gerald Combs <gerald@wireshark.org>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
At one point, I remember a discussion resulting in the official name of
the next-generation replacement for pcap format being changed to
"pcapng", with no hyphen.
Make Wireshark reflect that.
Change-Id: Ie66fb13a0fe3a8682143106dab601952e9154e2a
Reviewed-on: https://code.wireshark.org/review/25214
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
pcap provides a pcap_set_tstamp_type function, which can be used to request
hardware timestamps from a supporting kernel.
This patch adds support for aforementioned function as well as two new
command line options to dumpcap, wireshark and tshark:
--list-time-stamp-types
List time stamp types supported for the interface
--time-stamp-type <type>
Change the interface's timestamp method
Name choice mimics those used by tcpdump(1), which already supports this
feature. However, unlike tcpdump, we provide both options unconditionally.
If Wireshark was configured without pcap_set_tstamp_type being available,
--list-time-stamp-types reports an empty list.
Change-Id: I418a4b2b84cb01949cd262aad0ad8427f5ac0652
Signed-off-by: Ahmad Fatoum <ahmad.fatoum@siemens.com>
Reviewed-on: https://code.wireshark.org/review/23113
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add the "interval" option to "-b". Each new capture starts at the
exact start of a time interval. For instance, using -b interval:3600
will start a new capture file at each whole hour.
Changed the duration option in the GUI interfaces to use the new
interval option.
Change-Id: I0180c43843f5d2f0c2f50153c9ce42ac7fa5aeae
Reviewed-on: https://code.wireshark.org/review/22428
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Sake Blok <sake.blok@SYN-bit.nl>
|
|
Default value for snaplen is defined in wiretap/wtap.h:
#define WTAP_MAX_PACKET_SIZE 262144
and used in capture_opts.c:
capture_opts->default_options.snaplen =
WTAP_MAX_PACKET_SIZE;
but help and man pages don't reflect this change.
Change-Id: I35ddf1e8b7ffd657f4e01b3fe6b4c44c9acece2b
Reviewed-on: https://code.wireshark.org/review/20738
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Iabae39347bc0058d106a9b00d81629899bc93249
Reviewed-on: https://code.wireshark.org/review/20526
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
|
|
Refer to "Windows" instead of "Windows 2000". Add an "ip link show"
breadcrumb.
Change-Id: Ie1faa1d30b0ac63de35b0385cbb1306f08828e61
Reviewed-on: https://code.wireshark.org/review/18056
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
GUI from CLI
Move ui/filters.[ch] to filter_files.[ch] because dumpcap is using functionality.
Bug: 8091
Change-Id: I195c82fc023f97d6f331b8718c45a2d83d30faea
Reviewed-on: https://code.wireshark.org/review/5925
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Most of our sites are now HTTPS-only. Update URLs accordingly. Update
other URLs while we're at it. Remove or comment out dead links.
Change-Id: I7c4f323e6585d22760bb90bf28fc0faa6b893a33
Reviewed-on: https://code.wireshark.org/review/7621
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: I9bfc57cb6b6ab6962b80ff58d98eb351d6f69829
Reviewed-on: https://code.wireshark.org/review/4140
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
capture buffer size in IEC units, but document it as such.
#BACKPORT(1.10, 1.8(?))
svn path=/trunk/; revision=53728
|
|
properly so that we avoid overflow conditions and so that we ensure we don't capture more than 2GiB. Also, document the max filesize autostop value of 2GIB as well as indicating that it's truly GiB and not GB.
This fixes the problem reported on ask: http://ask.wireshark.org/questions/23891/wireshark-wont-run-with-multiple-capture-files
#BACKPORT(1.10) ... not sure about 1.8?
svn path=/trunk/; revision=51576
|
|
fix a typo in the dumpcap manpage
svn path=/trunk/; revision=51096
|
|
argument to the -F flag for pcap format is "libpcap", not "pcap", we
have a problem. Make it "pcap", and add a backwards-compatibility hack
to support using "libpcap" as well.
Update the man pages to refer to it as pcap as well, and fix the
capitalization of "WinPcap" (see http://www.winpcap.org) while we're at
it.
Also, refer to http://www.tcpdump.org/linktypes.html for the list of
link-layer header types for pcap and pcap-ng.
svn path=/trunk/; revision=50989
|
|
svn path=/trunk/; revision=50947
|
|
svn path=/trunk/; revision=50126
|
|
svn path=/trunk/; revision=49427
|
|
configurable via command line options and print specific drop numbers
at the end. This allows to tune the buffering when using multiple
threads.
This also fixes a logic arrow in enforcing the limits.
The patch for the enhanced counters is from Anders Broman.
svn path=/trunk/; revision=48223
|
|
svn path=/trunk/; revision=48221
|
|
svn path=/trunk/; revision=47937
|
|
(use the same text that dumpcap -V prints)
svn path=/trunk/; revision=47455
|
|
Add that option to tshark, too, and document it.
The option can't be given to Wireshark because the GUI already has a "-g"
(goto packet).
svn path=/trunk/; revision=46513
|
|
rpcap and the new TCP feature from bug 2788.
svn path=/trunk/; revision=43156
|
|
svn path=/trunk/; revision=42600
|
|
svn path=/trunk/; revision=41564
|
|
Refer to pcap-filter and mention tcpdump only as a fallback.
svn path=/trunk/; revision=40820
|
|
svn path=/trunk/; revision=39113
|
|
the capturing on multiple interfaces.
svn path=/trunk/; revision=37824
|
|
pcap. Add a "-P" capture option which tries to use pcap instead of
pcap-ng ("-P" seemed to be the best option but we may want to use a
different letter).
Update the documentation and release notes.
svn path=/trunk/; revision=37696
|
|
svn path=/trunk/; revision=35038
|
|
capture filter in human-readable form. (Well, readable by humans who
know BPF machine language, at least. :-))
svn path=/trunk/; revision=33509
|
|
about using large numbers of files.
svn path=/trunk/; revision=32999
|
|
and add support for SIGINFO, so, if your OS supports SIGINFO, you can
get the packet count by typing ^T.
svn path=/trunk/; revision=32958
|
|
being the only program that needs to be linked with *pcap, that's when
we'd want to fetch that information, but there might be other libraries
(e.g., the POSIX capabilities library) that it might be linked with but
that programs that use it aren't linked with.
Don't commit to the output formats of -M, as they are, as noted, subject
to change from release to release.
svn path=/trunk/; revision=32904
|
|
Add support for a machine-readable "-v" output, which prints only the
pcap version string.
Give a little more information about the machine-readable format, but
note that it's primarily intended for consumption by Wireshark and
TShark and is subject to change.
Properly hyphenate "pcap-ng".
svn path=/trunk/; revision=32851
|
|
libpcap/WinPcap and the capture mechanism atop which they run might
either silently limit the buffer size to a smaller value or raise it to
a higher value - that's the part that's platform-dependent.
svn path=/trunk/; revision=32718
|
|
svn path=/trunk/; revision=32707
|
|
svn path=/trunk/; revision=32702
|
|
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2132
Point to the Wiki's page on capture filter syntax in case neither libpcap's
nor tcpdump's man pages are available (e.g., on Windows).
svn path=/trunk/; revision=32435
|
|
to be set.
Clarify that each "-b" criterion needs the "-b" option (see bug 4573).
Fix a couple of typos.
svn path=/trunk/; revision=32245
|
|
svn path=/trunk/; revision=28338
|
|
editcap: Add description of -i option;
dumpcap: Add description of -S option;
svn path=/trunk/; revision=28336
|